[04:37] -queuebot:#lubuntu-devel- Unapproved: calamares-settings-ubuntu (noble-proposed/universe) [1:24.04.20 => 1:24.04.21] (lubuntu, ubuntustudio)
[17:56] <wxl> arraybolt3: what's up with matrix right now? i can't seem to connect on element
[17:56] <arraybolt3> me neither, it kicked me out too
[17:56] <wxl> ruh roh
[17:56] <arraybolt3> part of me wonders if that xz exploit was just used to hack the server :P
[18:03] <arraybolt3-cmp> Just in case my bouncer was compromised, I just changed my bouncer IRC nick to indicate that this instance could be compromised while I migrate to a local client.
[18:03] <arraybolt3-cmp> going to disconnect from this in a bit
[18:03] <wxl> did you check with the other matrix council folks to see if they have any idea?
[18:05] <arraybolt3-cmp> not yet, don't know how to reach most of them
[18:05] <arraybolt3-cmp> ravage I can reach though
[18:05] <wxl> seems to me that there should be some sort of backup communication method amongst you that can be relied on in cases like this
[18:06] <arraybolt3-cmp> yeah there probably should be
[18:06] <wxl> for that matter, it makes me think that ubuntu infra could really use a status page
[18:06] <arraybolt3> agreed
[18:06] <arraybolt3> sigh, now I have to fix my connection to OFTC too...
[18:06] <arraybolt3> who really has time to fight with backdoors
[18:07] <wxl> wait what's the issue with oftc? i'm still connected there
[18:08] <arraybolt3-cmp> no issue in particular with them, but...
[18:08] <arraybolt3-cmp> * The server my bouncer runs on runs Noble.
[18:08] <arraybolt3-cmp> * I keep it up to date
[18:08] <arraybolt3-cmp> * I probably installed the backdoored liblzma at some point
[18:08] <wxl> ah right. probably this morning :)
[18:08] <arraybolt3-cmp> fill in the rest of the gaps yourself :)
[18:08] <arraybolt3-cmp> oh no, the backdoor was introduced a month ago according to vorlon
[18:09] <wxl> oh yikes
[18:09] <wxl> thankfully all of my daily drivers are running in lts'es. well, except the laptop but i actually haven't used that in a while. even then, it's not a development release
[18:11] <arraybolt3> and with that I am safe
[18:11] <wxl> going back to what you said before, please don't tell me our matrix server is running on a development release?????
[18:13] <arraybolt3> shoot, you know what else could be compromised that I need to fix?
[18:13] <arraybolt3> My GPG key of all things.
[18:14] <arraybolt3> It's on a Noble VM that I also religiously keep up to date.
[18:14] <arraybolt3> hawieubfisdbvisurghiawe
[18:14] <arraybolt3> and there's probably an SSH key I could stand to decouple from LP
[18:37] <wxl> sigh
[18:37] <wxl> well ping me if it looks like matrix is back up
[18:39] <arraybolt3> will do
[19:06] <wxl> arraybolt3: a thought that might save you some trouble: have thomas check the logs and see if there have been any unexpected ssh connections. if not, shut down sshd, update, start sshd, and continue like normal
[19:08] <arraybolt3> the problem is we don't know if it's just an sshd compromise. Lots of parts of the system use compression and a lot of that could be xz based.
[19:08] <arraybolt3> If it turns out that it *also* plants a root shell that connects to a C&C server... you see where this is going.
[19:09] <wxl> i guess so. maybe what would be better is actually shutting the server down
[19:10] <arraybolt3> thought about that... what I did was just disconnected from it, wiped all my IRC data from it, and changed my IRC passwords. The server is still on since i didn't want to disrupt anyone, but I've disconnected from it.
[19:10] <arraybolt3> and wiped anything important from it and deauthed anything useful on it
[19:11] <wxl> we could shut it down right now
[19:11] <wxl> tsimonq2, teward: thoughts? ^
[19:26] <teward> i has ping on IRC which I don't read regularly, anyone want to give me a summary?
[19:27] <teward> oh the xz exploit?
[19:27] <teward> wxl: not affected, this is why I use LTSes and not devel releases or interims for our shit
[19:27] <teward> blah random swear sorry
[19:27] <arraybolt3> devel release is used by our sandbox server
[19:27] <arraybolt3> but I think only Simon has access there
[19:28] <teward> then @tsimonq2 should drop the nuke/hammer
[19:28] <teward> or just give me permission to `shred` the disk xD
[19:28] <teward> but i digress
[19:28] <arraybolt3> wxl though if you're logged in still, feel free to issue a `shutdown now`
[19:28] <teward> @tsimonq2 WAKE UP MFER
[19:28] <teward> (I'll ping on Element too)
[19:28] <arraybolt3> good luck, chat-server.ubuntu.com is down
[19:28] <arraybolt3> which is why we're all over here on IRC now
[19:29] <arraybolt3> lol
[19:29] <wxl> shut down
[19:29] <arraybolt3> oh, that's probably from wxl
[19:29] <arraybolt3> awesome
[19:31] <wxl> oh oops i poofed simon XD
[19:32] <teward> FORTUNATELY
[19:32] <teward> I have simons email and phone numbers xD
[19:32] <teward> i did check with the Security team
[19:32] <teward> the affected `xz` never got out of -proposed in Noble
[19:32] <teward> and was purgified by Security
[19:33] <teward> no already-released Ubuntu variants are affected
[19:33] <teward> so none of the infra *I* maintain here is affected.
[19:33] <arraybolt3> right, the problem mentioned in ubuntu-release is the possibility that the malicious code in -proposed could have backdoored things built against it IIUC.
[19:33] <arraybolt3> and Many Things stuck in -proposed just came through into -release
[19:40] <arraybolt3> teward: btw I need my notes.lubuntu.me password to be sent into a conflict with the Death Star and a new one put in its place plz thank you :)
[19:40] <teward> right but it looks like Debian already has a reverted version, 5.6.1+really5.4.5-* possibly already available
[19:40] <wxl> of course we didn't have proposed enabled on the sandbox
[19:40] <teward> so it might just be a nuke-redo-everything
[19:40] <arraybolt3> right
[19:43] <wxl> any clues on what's up with matrix yet?
[19:44] <arraybolt3> still no clue
[19:44] <teward> i'll poke a contact
[19:44] <teward> because things
[19:46] <arraybolt3> sigh, this is like the fifth or sixth total password reset I've done in my life... and I'm convinced all websites need to have a generalized *fast* and easy method for doing this.
[19:46] <arraybolt3> The fact that every site has a different dance for getting to the password reset feature is ridiculous.
[19:50] <wxl> wait you were running a noble with proposed as your daily driver?????
[19:59] <arraybolt3> I was not.
[19:59] <arraybolt3> I'm worried about the possibility of backdoored applications built against the malicious liblzma that may have made it into -release.
[19:59] <wxl> oic
[20:00] <arraybolt3> I don't know if it's even possible for this to go wrong, but if the backdoor didn't introduce API breaking changes, I can see it being an issue.
[20:00] <arraybolt3> s/API/ABI/
[20:00] <arraybolt3> and whoever did this is pretty clever so they could have / probably did pull that off.
[20:01] <wxl> that would still only concern noble, right?
[20:03] <arraybolt3> true
[20:03] <wxl> so your issue is that you used a development release as a daily driver
[20:03] <wxl> thank the gods i have never done that. i'd be pulling my hair out
[20:04] <arraybolt3> yeah, I was.
[20:04] <arraybolt3> and now I'm pulling my hair out
[20:04] <wxl> yeah i can imagine
[20:22] <arraybolt3> aaaaand that was my last password changed
[20:22] <arraybolt3> whew
[20:22] <wxl> sheesh i would have been at it all week if i had to change all my passwords
[20:42] <arraybolt3> grr, I'm now realizing my Noble box had SSH access to my laptop.
[20:42] <wxl> oh jeez
[20:42] <arraybolt3> theoretically that could be bad, but... hmm...
[20:47] <arraybolt3> at this point I've taken care of any easy compromise issues. The possibility of an attacker managing to jump to my Jammy machine is *there*, but it would require that they do a *lot* of work in addition to the main exploit, and I doubt that happened.
[20:47] <arraybolt3> but who knows...
[20:48] <arraybolt3> anyway, for now my GPG key is revoked, my SSH keys are detached from anything important.
[20:48] <wxl> if it's some programmatic exploit, they may very well be trying to exploit every other server associated with the machine they're exploiting
[20:49] <wxl> i mean if i was attacking ssh, i'd probably try attacking anything in the ssh config of whatever i managed to get into
[20:51] <wxl> i mean how many people use pubkey authentication with ssh but with no passwords on the key? too many!
[20:52] <arraybolt3> I hate that you're right.
[20:52] <wxl> i mean if you have a password on the key, then maybe i wouldn't sweat it so much
[20:53] <arraybolt3> nope, passwordless
[20:53] <wxl> yeah
[20:53] <arraybolt3> alright, guess now I get to find an uncompromised machine to download a fresh KFocus ISO from.
[20:53] <wxl> were you using a password on your gpg key?
[20:53] <arraybolt3> I was... but I also typed that password frequently into a possibly compromised VM.
[20:54] <arraybolt3> hey guiverc
[20:54] <arraybolt3> https://www.openwall.com/lists/oss-security/2024/03/29/4 if you're wondering what the talk about "compromised machines" is about
[20:54] <wxl> i mean i guess keylogging is a possibility?
[20:54] <guiverc> o/  (passing by, as about to head out & feed birbs)
[20:55] <arraybolt3> I already revoked my GPG key anyway so no big deal there
[20:55] <arraybolt3> the issue is my password DB.
[20:58] <wxl> is that not password protected??
[21:59] <wxl> matrix is back y'all
[22:10] <arraybolt3> So here I am again, this time on a Fedora machine that I had laying around that I just finished getting updated.
[22:10] <arraybolt3> Currently prepping to download a couple of ISOs for recovering data and reinstalling everything.
[22:19] <wxl> arraybolt3: not sure you saw but matrix is back
[22:19] <wxl> apparently the problem was a full disk. whoops
[22:19] <arraybolt3> did not see that, good to know
[22:19] <arraybolt3> and sheesh, I guess that explains it
[22:21] <wxl> i'm running at 95% on one of my machines and did bump into that issue at one point when i had downloaded too many isos. i was doing an install and you know how drives usually work with vbox where they expand to suit? well, it all pooped out mid-install.
[22:22] <arraybolt3> heh, I hit 50% and start having anxiety.
[22:22] <arraybolt3> I'm constantly cleaning my disk of excess garbage.